the server-side. After the user successfully logged into the app, the
UserManager containes among other things a set of roles which are
assigned to the current user enabling the role-checks without any rpc-
callbacks. The client checks are done to provide only the necessary UI
- only the system functions which can actually be accessed by the
current user. The server checks provides the "true" security, ensuring
that only the users with the corresponding rights can access the
services.
As I'm working with the gwt-presenter, I'm doing the checks also
within the Places objects. But also in the presenters if it's needed.
On 2 Mrz., 20:14, csaffi <csaff...@gmail.com> wrote:
> On 2 Mar, 14:31, Lukasz <l.plotni...@googlemail.com> wrote:
>
> > I'm doing it by providing a self-implemented UserManager object on the
> > client. It contains the currently signed in user and provides methods
> > for access or role checks e.g. canEditUser(). This UserManager object
> > is an singleton injected via gin into all relevant presenters (as you
> > see I'm also using the MVP pattern in my app). When the presenter is
> > rendering the view, it can check which functionality should be enabled
> > or disabled.
>
> > HTH,
> > Lukasz
>
> Thank you Lukasz.
> Does UserManager check user roles server-side with an RCP call?
--
You received this message because you are subscribed to the Google Groups "Google Web Toolkit" group.
To post to this group, send email to google-web-toolkit@googlegroups.com.
To unsubscribe from this group, send email to google-web-toolkit+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-web-toolkit?hl=en.
No comments:
Post a Comment